package com.wiwf.model.magicapi;

import javax.annotation.Resource;

import com.wiwf.model.bean.SysUserVoto;
import com.wiwf.model.mapper.admin.dao.SysUserMapper;
import com.wiwf.model.bean.SysUserBean;
import com.wiwf.model.security.service.SysTokenService;
import com.wiwf.model.security.service.SysUserService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;
import org.ssssssss.magicapi.core.context.MagicUser;
import org.ssssssss.magicapi.core.exception.MagicLoginException;
import org.ssssssss.magicapi.core.interceptor.Authorization;
import org.ssssssss.magicapi.core.interceptor.AuthorizationInterceptor;
import org.ssssssss.magicapi.core.model.Group;
import org.ssssssss.magicapi.core.model.MagicEntity;
import org.ssssssss.magicapi.core.servlet.MagicHttpServletRequest;

/**
 * Magic Api 管理拦截配置
 * @author kehui
 */
@Component
public class MagicInterceptor implements AuthorizationInterceptor{

    @Resource
    private PasswordEncoder passwordEncoder;

    @Resource
    private SysUserMapper userMapper;

    @Resource
    private SysTokenService tokenService;
    @Resource
    private SysUserService userService;
    
    
    /**
     * 是否需要登录
     *
     * @return true 需要登录， false 不需要登录
     */
    @Override
    public boolean requireLogin() {
        return true;
    }

    /**
     * 根据Token获取User对象
     *
     * @param token token值
     * @return 登录成功后返回MagicUser对象
     * @throws MagicLoginException 登录失败抛出
     */
    @Override
    public MagicUser getUserByToken(String token) throws MagicLoginException {
        String unauthorization = "unauthorization";
        if (unauthorization.equals(token)) {
            throw new MagicLoginException("token 无效：" + token);
        } else if(ObjectUtils.isEmpty(token)){
        	String yToken = tokenService.getToken();
        	if (ObjectUtils.isEmpty(token)) {
        		throw new MagicLoginException("token 无效：" + token);
            } else {
            	token = yToken;
            }
        }

        SysUserVoto sysUserVoto = tokenService.getTokenUser(token);
        if (ObjectUtils.isEmpty(sysUserVoto)) {
            throw new MagicLoginException("token 无效：" + token);
        }

        return new MagicUser(sysUserVoto.getUserId().toString(), sysUserVoto.getName(), token);
    }

    /**
     * 根据用户名，密码登录
     *
     * @param username 用户名
     * @param password 密码
     * @return 登录成功后返回MagicUser对象
     * @throws MagicLoginException 登录失败抛出
     */
    @Override
    public MagicUser login(String username, String password) throws MagicLoginException {
        SysUserVoto user = userMapper.getUserInfo(username);

        if (!ObjectUtils.isEmpty(user) && passwordEncoder.matches(password, user.getPassword())) {
            SysUserBean userBean = userService.getUser(username);

            return new MagicUser(user.getUserId().toString(), user.getName(), userBean.getToken());
        }

        throw new MagicLoginException("用户名或密码不正确");
    }

    /**
     * 退出登录
     *
     * @param token token值
     */
    @Override
    public void logout(String token) {
        tokenService.delTokenUser();
    }

    /**
     * 是否拥有页面按钮的权限
     *
     * @param magicUser     登录的用户对象
     * @param request       HttpServletRequest
     * @param authorization 鉴权方法
     * @return true 有权限访问， false 无权限访问
     */
    @Override
    public boolean allowVisit(MagicUser magicUser, MagicHttpServletRequest request, Authorization authorization) {
        return isAdmin(magicUser.getToken());
    }

    /**
     * 是否拥有对该接口的增删改权限
     *
     * @param magicUser     登录的用户对象
     * @param request       HttpServletRequest
     * @param authorization 鉴权方法
     * @param entity        接口、函数、数据源信息
     * @return true 有权限访问， false 无权限访问
     */
    @Override
    public boolean allowVisit(MagicUser magicUser, MagicHttpServletRequest request, Authorization authorization, MagicEntity entity) {
        return allowVisit(magicUser, request, authorization);
    }


    /**
     * 是否拥有对该分组的增删改权限
     *
     * @param magicUser     登录的用户对象
     * @param request       HttpServletRequest
     * @param authorization 鉴权方法
     * @param group         分组信息
     * @return true 有权限访问， false 无权限访问
     */
    @Override
    public boolean allowVisit(MagicUser magicUser, MagicHttpServletRequest request, Authorization authorization, Group group) {
        return allowVisit(magicUser, request, authorization);
    }

    /**
     * 刷新 token, 重新赋值对象内的token和timeout
     * @param user 用户信息
     */
    @Override
    public void refreshToken(MagicUser user) {

        SysUserVoto userVoto = userMapper.getUserInfo(user.getUsername());
        // 生成token
        String token = tokenService.getToken();
        // 存储token
        tokenService.addTokenUser(token, userVoto);
    }

    private Boolean isAdmin(String token) {
        SysUserVoto sysUserVoto = tokenService.getTokenUser(token);

        return "root".equalsIgnoreCase(sysUserVoto.getRoleCode());
    }

}

